Period for Reply

A SHORTENED STATUTORY PERIOD FOR REPLY IS SET TO EXPIRE 3 MONTH(S) FROM 
THE MAILING DATE OF THIS COMMUNICATION. 

- Extensions of time may be available under the provisions of 37 CFR 1.136(a). In no event, however, may a reply be timely filed
after SIX (6) MONTHS from the mailing date of this communication.

- If the period for reply specified above is less than thirty (30) days, a reply within the statutory minimum of thirty (30) days will be considered timely.

- If NO period for reply is specified above, the maximum statutory period will apply and will expire SIX (6) MONTHS from the mailing date of this communication. 

- Failure to reply within the set or extended period for reply will, by statute, cause the application to become ABANDONED (35 U.S.C. § 133).
Any reply received by the Office later than three months after the mailing date of this communication, even if timely filed, may reduce any 
earned patent term adjustment. See 37 CFR 1.704(b). 

Status 

1) [X] Responsive to communication(s) filed on 12 February 2002.
2a) [ ] This action is FINAL. 2b) [X] This action is non-final.

3) [ ] Since this application is in condition for allowance except for formal matters, prosecution as to the merits is
closed in accordance with the practice under Ex parte Quayle, 1935 C.D. 11, 453 O.G. 213.

Disposition of Claims 

4) [X] Claim(s) 1-20 is/are pending in the application.

4a) Of the above claim(s) is/are withdrawn from consideration.

5) [ ] Claim(s) is/are allowed.

6) [X] Claim(s) 1-20 is/are rejected.

7) [ ] Claim(s) is/are objected to.

8) [ ] Claim(s) are subject to restriction and/or election requirement.

Application Papers 

9) [ ] The specification is objected to by the Examiner.

10) [ ] The drawing(s) filed on is/are: a) [ ] accepted or b) [ ] objected to by the Examiner.

Applicant may not request that any objection to the drawing(s) be held in abeyance. See 37 CFR 1.85(a).
Replacement drawing sheet(s) including the correction is required if the drawing(s) is objected to. See 37 CFR 1.121(d).

11) [ ] The oath or declaration is objected to by the Examiner. Note the attached Office Action or form PTO-152.

Priority under 35 U.S.C. § 119 

12) [ ] Acknowledgment is made of a claim for foreign priority under 35 U.S.C. § 119(a)-(d) or (f).
a) [ ] All b) [ ] Some * c) [X] None of:

1. [ ] Certified copies of the priority documents have been received.

2. [ ] Certified copies of the priority documents have been received in Application No. .

3. [ ] Copies of the certified copies of the priority documents have been received in this National Stage
application from the International Bureau (PCT Rule 17.2(a)).
* See the attached detailed Office action for a list of the certified copies not received. 
1) [X] Notice of References Cited (PTO-892)

2) [ ] Notice of Draftsperson's Patent Drawing Review (PTO-948)

3) [ ] Information Disclosure Statement(s) (PTO-1449 or PTO/SB/08) Paper No(s)/Mail Date .

4) [ ] Interview Summary (PTO-413) Paper No(s)/Mail Date. .

5) [ ] Notice of Informal Patent Application (PTO-152)

6) [ ] Other: .
Claim Rejections - 35 USC § 102
The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 
form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in
public use or on sale in this country, more than one year prior to the date of application for patent in the 
United States. 

Claim 1 is rejected under 35 U.S.C. 102(b) as being anticipated by Bodnar (US 
6,061,790). 

As per claim 1, Bodnar discloses a method of protecting a username during
authentication, the method comprising:

obtaining a plain text username over a secure communication channel; (Col 6
lines 14-16, Col 7 lines 50-53)

obtaining a server identifier for a server; (Col 6 lines 11-14)

obscuring the plain text username using the server identifier; (Col 8 lines 59-67)

providing the obscured username and the plain text username to the server; (Col
7 lines 50-57, Col 8 lines 64-67, Col 9 lines 1-8)

and communicating authentication information including the obscured username
over a non-secure communication channel from a client. (Col 6 lines 14-16, Col 8 lines
64-67) The client generates an enciphered fingerprint HI, identifies ownership from the
user and represents the obscured username.
As per claim 2, Bodnar discloses the method of claim 1 wherein the server
identifier is a uniform resource locator (URL) corresponding to the server. (Col 6 lines
14-16) URL is inherent to TCP via the Internet.

As per claim 3, Bodnar discloses the method of claim 1, wherein the server
identifier is an authentication domain corresponding to the server. (Col 9 line 1, Col 9
lines 9-21)

As per claim 4, Bodnar discloses the method of claim 1, wherein obscuring the
plain text username using the server identifier comprises encrypting the plain text
username using an encryption method. (Col 7 lines 24-27, Col 8 lines 59-67)

As per claim 6, Bodnar discloses the method of claim 1, wherein the client is a
wireless device. (Col 2 lines 25-28, Col 12 lines 27-30) A cellular phone is a wireless
device.

As per claim 7, Bodnar discloses the method of claim 1, wherein obtaining a plain
text username over a secure communication channel comprises establishing an 
encrypted communication session between the user and the server and communicating 
a plain text username from the user to the server. (Col 7 lines 50-53, Col 8 lines 59-63) 
As per claim 8, Bodnar discloses the method of claim 1, wherein the
authentication information satisfies a plain text, unencrypted authentication scheme. 
(Col 6 lines 14-16, Col 6 lines 29-31) 

As per claim 9, Bodnar discloses the method of claim 1, wherein the server 
identifier is a combination of an authentication domain and a uniform resource locator 
(URL) of the server; (Col 6 lines 14-16, Col 9 line 1, Col 9 lines 9-21) URL is inherent to 
TCP via the Internet. 

As per claim 10, Bodnar discloses a username protection process comprising: 
registering a user with a selected server by requesting and receiving a plain text user 
identifier, (Col 6 lines 11-16, Col 7 lines 50-53) 

creating an obscure version of the plain text user identifier; (Col 8 lines 63-67) The client
generates an enciphered fingerprint HI, identifies ownership from the user and
represents the obscured username.

and storing the plain text user identifier and the obscure version of the plain text user 
identifier on the selected server; (Col 7 lines 56-57, Col 8 lines 64-67, Col 9 lines 9-11) 
and initiating a communication session between the user and the selected server by the 
communication of the obscure version of the plain text user identifier over a plain text 
communication channel. (Col 6 lines 14-16, Col 8 lines 64-67) 
As per claim 11, Bodnar discloses the process of claim 10, wherein the user is a
wireless client device communicating over a non-encrypted channel. (Col 2 lines 25-28,
Col 12 lines 27-30) A cellular phone is a wireless device.

As per claim 12, Bodnar discloses the process of claim 10, wherein
communication over a plain text channel involves the obscure version of the plain text 
user identifier (Col 6 lines 12-14, Col 8 lines 59-63) and communication over a secure 
channel can use the plain text user identifier. (Col 6 lines 14-16, Col 7 lines 50-53) 

As per claim 14, Bodnar discloses a system for protecting a username during 
authentication over a non-encrypted channel, system comprising: 
a client device being configured to communicate information over unsecure 
communication channels; (Col 6 lines 14-16, Col 6 lines 29-31) 

and a server having stored therein a plain text user identifier communicated by 
the client device over a secure communication channel and an obscured user identifier 
corresponding to the plain text user identifier. (Col 7 lines 50-53, Col 8 lines 64-67, Col 
9 lines 1-11) 

As per claim 15, Bodnar discloses the system of claim 14, further comprising a 
registration device being configured to communicate information over secure 
communication channels. (Col 7 lines 37-45) The JAVA enabled terminal serves as the 
registration device. 
As per claim 16, Bodnar discloses the system of claim 15, wherein the client
device and registration device are the same device. (Col 7 line 36, Col 7 line 41, Col 7
lines 50-58) The JAVA enabled terminal serves both as a client and registration device.

As per claim 17, Bodnar discloses the system of claim 14, wherein the client
device does not encrypt communication when communicating with the obscured user
identifier created from the plain text user identifier; The client does not encrypt
information over an open channel such as TCP/IP via the Internet and communicates 
unsecurely. (Col 6 lines 12-14, Col 6 lines 29-31) 

As per claim 19, Bodnar discloses the system of claim 14, wherein the obscured 
user identifier corresponding to the plain text user identifier is created by encrypting the 
plain text user identifier with a key. (Col 8 lines 59-67) 

As per claim 20, Bodnar discloses the system of claim 19, wherein the key is 
based on the uniform resource locator (URL) of the server or an authentication domain 
of the server. (Col 6 lines 11-16) 

Claim Rejections - 35 USC § 103

The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 
(a) A patent may not be obtained though the invention is not identically disclosed or described as set
forth in section 102 of this title, if the differences between the subject matter sought to be patented and
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

Claim 5 is rejected under 35 U.S.C. 103(a) as being unpatentable over Bodnar 

(US 6,061,790) in view of Droge (US 2002/0004898) 

As per claim 5, Bodnar discloses the method of claim 1, however, fails to
disclose an advanced encryption standard (AES) as a method of encryption. Droge
discloses wherein the encryption method is advanced encryption standard (AES).
[0050]. It would have been obvious to a person of ordinary skill in the art at the time of the
invention to incorporate advanced encryption standard (AES) in the disclosure of
Bodnar because it allows for algorithms that may be used to encrypt data at both the
data link and IP layers. [0051] 

Claims 13 and 18 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Bodnar (US 6,061,790) in view of Shi et al. (US 5,875,296). 

As per claims 13 and 18, Bodnar discloses the process of claim 10 and 14,
however, fails to disclose wherein the obscure version and plain text versions are stored
on the client device. Shi et al. discloses wherein the client device has stored therein the
plain text user identifier and the obscured user identifier. Shi et al. discloses storing
user identifiers on client machines, secure and unsecure using cookies. (Col 9 lines 8-10,
Col 7 lines 64-67, Col 8 lines 1-2) It would have been obvious to a person of
ordinary skill in the art at the time of the invention to incorporate a plain text user identifier
and the obscured user identifier in the disclosure of Bodnar because the client does not
need to repeatedly transfer user's id and password over the network to reduce the
chances of being attacked by intruders. (Col 3 lines 40-46, Col 2 lines 66-67, Col 3
lines 1-2)

Conclusion 

The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. Gregg et al. (US 6,516,416) discloses a system and method for
controlling access to computer resources using an untrusted network. Wright (US 
6,052,466) discloses partitioning a private key generated cipher stream into an indexed 
sequence of secondary keys. Shambroom (US 5,923,756) discloses providing secure 
remote command execution over an insecure computer network. Goss (US 4,956,863) 
discloses a cryptographic method and apparatus for public key exchange with 
authentication. Hellman et al. (US 4,218,582) discloses allowing authorized parties to a 
conversation to converse privately and authenticate another converser's identity. 
Hellman et al. (4,200,770) discloses the Diffie-Hellman protocol.

Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Chirag R. Patel whose telephone number is (571) 272-7966.
The examiner can normally be reached on Monday to Friday from 7:30AM to
4:00PM. 
If attempts to reach the examiner by telephone are unsuccessful, the examiner's
supervisor, Rupal Dharia, can be reached on (571) 272-3880. The fax phone number
for the organization where this application or proceeding is assigned is 703-872-9306.

Information regarding the status of an application may be obtained from the
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. 
Status information for unpublished applications is available through Private PAIR only. 
For more information about the PAIR system, see http://pair-direct.uspto.gov. Should 
you have questions on access to the Private PAIR system, contact the Electronic 
Business Center (EBC) at 866-217-9197 (toll-free). 




